Compliance Management System (CMS)

A company's CMS is the foundation of its compliance program and provides the guidance and framework for its compliance culture. Regulatory agencies, investors, and other third-party partners focus on the effectiveness of the CMS and look for assurance regarding how an institution1:

Establishes its compliance responsibilities;

Communicates those responsibilities to employees;

Ensures that responsibilities for meeting legal requirements and internal policies and procedures are incorporated into business processes;

Reviews operations to ensure responsibilities are carried out and legal requirements are met; and

An effective compliance management system commonly has two interdependent control components:

Board and Management Oversight; and

Compliance Program, which includes:

Policies and procedures;

Training;

Monitoring and/or audit; and

Consumer complaint response.

When the two control components are strong and well-coordinated, a supervised entity should be successful at managing its compliance responsibilities and risks. We help clients assess whether they have implemented a comprehensive CMS through consultation, monitoring, or targeted independent compliance reviews.

1 CFPB Examination Procedures

Consultation

Every client has different needs and the regulatory compliance services we provide are tailored to those needs. We have worked with clients who are just establishing their compliance management systems (CMS) and with clients who have a mature CMS in place. Our approach ensures we have a clear understanding of a client’s operating environment and governance structure so that the advice and solutions we provide fit the institution and are sustainable in the long term. We provide consultative services that prevent compliance risks or provide early identification and correction. However, we understand that despite all efforts, there may be times when issues are identified that require remediation. We have successfully supported clients with both preventive and reactive efforts.

Supervisory/Enforcement Action and Issue Remediation

Compliance Review of New Products and Services

Policy and Procedure Development

Exam Readiness

Compliance Training for Staff, Management, and Board of Directors

Assessment & Monitoring

In business we often hear, “What gets measured gets managed.” That statement certainly holds true in reference to the effectiveness of a compliance management system (CMS). It is imperative that an institution periodically assess the effectiveness of the CMS so that it may continue to optimize the system. Our qualitative and quantitative risk assessment approach helps ensures our client’s CMS remains commensurate with its products, services, processes, and compliance risk profile. In addition, to ensure that the preventive and detective controls are functioning properly, we have conducted periodic monitoring (monthly, quarterly, semi-annually, etc.) of a sampling of transactions. This monitoring should not be confused with independent compliance audits, which are typically performed at a point in time. The monitoring results will help with program corrections, ensuring risks are mitigated sooner than later.

Compliance Risk Assessment

Compliance Monitoring

Independent Compliance Reviews

Taking the initiative to strengthen compliance performance and reduce compliance risk is paramount to a highly effective CMS. A review conducted by a qualified, independent third party will provide compliance management with an unbiased evaluation of the compliance program or execution of compliance processes against regulatory requirements. It also increases the chances of a favorable internal audit or regulatory examination as it allows management to correct issues in the normal course of business. We have conducted the following types of independent compliance reviews for our clients:

Compliance Management System

Deposit Regulations

Lending Regulations

Loan Origination

Loan Servicing

New Products

Representative Engagements

Auto Finance Review – Review of the auto finance program covering the various elements of the auto loan life cycle, including origination and servicing processes

UDAAP – assisted with a multi-phased review of a regional bank’s administration of debt protection products, including a look-back of thousands of customer loans with debt protection originated over several years